DETAILED ACTION

Response to Arguments 

1. Applicant's arguments filed 02/20/08 have been fully considered but they are not
persuasive. 

Applicant argues that Donahue does not teach that a plurality of triggers function 
as a trigger for another of the plurality of triggers (Amendment, page 8). 

The examiner disagrees, Donahue teaches that "some categories are 
hierarchical, containing no regular expressions but depend upon matches by constituent 
categories" (paragraph 7, lines 9 - 12). Having hierarchical categories implies a plurality 
of triggers function as a trigger for another of the plurality of triggers, since some 
categories depend upon matches by constituent categories. 

Applicant argues that Donahue does not teach dynamically re-ordering the 
computations (Amendment, page 9). 

The examiner disagrees, Donahue teaches that "each category is assigned a 
numeric value. Each key phrase or regular expression within a category is also 
assigned a numeric value. When a log is examined, the sum of all values associated 
with each matching key phrase or regular expression is compared with the value for the 
category" (paragraph 17, lines 5-10). Comparing the sum of all values associated with 
matching key phrases with the value for the category implies dynamically re-ordering 
the computations. 



Application/Control Number: 10/748,677
Art Unit: 2626



Applicant argues that Donahue does not teach or suggest ordering a plurality of 
pre-requisite triggers based on decreasing absolute value of a score associated with 
each of the plurality triggers (Amendment, page 9). 

The examiner disagrees, Donahue describes a subroutine category search in
paragraph 25, that orders a plurality of pre-requisite triggers based on decreasing
absolute value, since the key phrase search follows a decreasing absolute value from
-4, -2, +2, and +1 (paragraph 25).

Applicant argues that Donahue does not teach or suggest determining whether a 
score of the first pre-requisite trigger is greater than zero (Amendment, page 10). 

The examiner disagrees, Donahue teaches that "within each category, a regular
expression can be assigned a positive or negative value. Using negative values 
facilitates avoidance of "false hits" or undesired matches" (paragraph 19). Assigning a 
positive or negative value to regular expression within a category implies determining 
whether a score of the first pre-requisite trigger is greater than zero, since negative 
values are used to avoid false hits. 

Applicant argues that Donahue does not teach or suggest an Avoid Evaluation of 
this Trigger rating associated with the first pre-requisite trigger; determining if the first 
pre-requisite is not a hit (Amendment, pages 11, and 12).

The examiner disagrees, Donahue teaches that "within each category, a regular
expression can be assigned a positive or negative value. Using negative values 
facilitates avoidance of "false hits" or undesired matches" (paragraph 19). Assigning a 
positive or negative value to regular expression within a category implies using an Avoid 
Evaluation of this Trigger rating; and determining if the first pre-requisite is not a hit, 
since the numeric values are used to avoid undesired matches or false hits. 

2. Applicant's arguments, see page 11, section B, filed 02/20/08, with respect to
claims 25, and 29 have been fully considered and are persuasive. The rejection of 
claims 25, and 29 has been withdrawn. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1 - 24, and 28 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Donahue (US PAP 2002/0004907). 

As per claim 1, Donahue teaches a method for linguistic analysis comprising:
receiving a user selection of at least one category from a list of pre-defined 
categories, wherein the categories include complex aggregate behavior with a plurality 
of triggers in a hierarchical relationship and at least one of the plurality of triggers is a 
trigger for another of the plurality of triggers ("some categories are hierarchical,
containing no regular expressions but depend upon matches by constituent categories" 
paragraph 7, lines 1 - 12); 

preparing by collecting the data from at least one of a data stream, a file system, 
and a database ("the file is considered a match for that category"; paragraph 17, lines 8 
-11); 

evaluating and scoring the data for the selected at least one category based on 
the complex aggregate behavior ("assigned a positive or negative value"; paragraph 19, 
lines 1 -4). 

As per claim 2, Donahue further discloses receiving a custom category definition 
from the user, scoring the data further based on the custom category definition 
(paragraph 20). 

As per claim 3, Donahue further discloses the custom category is dependent 
upon the user-selected category ("categories are pre-defined"; paragraphs 20, and 21; 
paragraph 7, lines 1 - 3). 

As per claim 4, Donahue further discloses determining whether the user-selected 
category is a hit based on the tally; and performing at least one predetermined action 
where it is determined that the user-selected category is a hit ("sum weighted values 
exceeds a threshold value, the communication is stored for subsequent review by an
authorized user"; paragraph 19, lines 1 - 3; Abstract, lines 7-11). 

As per claim 5, Donahue further discloses determining is based on at least one of 
threshold scoring and Boolean logic scoring (Abstract, lines 7-11). 

As per claim 6, Donahue further discloses that the predetermined action is at 
least one of blocking access, alerting an administrator, and logging data ("the 
communication is stored"; Abstract, lines 7-11). 

As per claim 7, Donahue further discloses that the step of evaluating and scoring 
the data comprises a plurality of computations and the method further comprises 
dynamically re-ordering the computations ("each category is assigned a numeric value. 
Each key phrase or regular expression within a category is also assigned a numeric 
value. When a log is examined, the sum of all values associated with each matching 
key phrase or regular expression is compared with the value for the category"; 
paragraph 17, lines 5-10). 

As per claim 8, Donahue further discloses defining complex aggregate behavior 
includes associating a score with each of the plurality of triggers ("each regular 
expression within a category is assigned a numeric value"; paragraph 17, lines 5 - 8).

As per claim 9, Donahue further discloses defining complex aggregate behavior
further includes applying at least one of an addition operator, a subtraction operator, a 
multiplication operator and a division operator to the score associated with at least one 
of the plurality of triggers ("sum of all values associated"; paragraph 17, lines 8-11).

As per claim 10, Donahue further discloses defining complex aggregate behavior 
further includes applying a negation operator to the score of at least one of the plurality 
of triggers ("negative value"; paragraph 19, lines 1 -3). 

As per claim 11, Donahue further discloses defining complex aggregate behavior
includes associating a pattern tuple with at least one of the plurality of triggers 
("comparing the log data with known protocol patterns"; paragraph 13, lines 6 - 9). 

As per claim 12, Donahue further discloses simplifying the complex aggregate 
behavior by combining two or more triggers having the same associated pattern tuple 
("sum of all values associated with each matching key phrase"; paragraph 17, lines 8 - 
11). 

As per claim 13, Donahue further discloses defining complex aggregate behavior 
includes associating a list of pre-requisite triggers, scores for each of the pre-requisite 
triggers, and negation status with at least one of the plurality of triggers ("negative 
values"; paragraph 17, lines 5-8; paragraph 19, lines 1 - 3).

As per claim 14, Donahue further discloses simplifying the complex aggregate
behavior by combining two or more triggers having the same associated list of pre- 
requisite triggers, scores for each of the pre-requisite triggers, and negation status 
(paragraph 17, lines 5-8; paragraph 19, lines 1 -3; paragraph 25). 

As per claim 15, Donahue further discloses defining complex aggregate behavior 
includes associating at least one of a plurality of actions with at least one of the plurality 
of triggers ("acquisition category"; paragraph 21). 

As per claim 16, Donahue further discloses simplifying the complex aggregate 
behavior by not resolving any of the plurality of triggers that are not associated with at 
least one of the plurality of actions (paragraph 25 shows an example of a complex 
aggregate behavior simplification; paragraph 25). 

As per claims 17, and 28, Donahue teaches a method for linguistic analysis 
comprising: 

receiving data; setting a tally for a containing trigger equal to zero; ordering a 
plurality of pre-requisite triggers based on decreasing absolute value of a score 
associated with each of the plurality of pre-requisite triggers (Donahue describes a
subroutine category search in paragraph 25, that orders a plurality of pre-requisite
triggers based on decreasing absolute value, since the key phrase search follows a
decreasing absolute value from -4, -2, +2, and +1; paragraphs 21, 22, and 25); and

selecting one of the plurality of pre-requisite triggers based on the order (" 
"resume (attached/enclosed)" will be searched first"; paragraph 21, lines 6-10). 

As per claim 18, Donahue further discloses determining whether the selected 
one of the plurality of triggers is a hit ("match"; paragraph 25, line 4); 

if the selected one of the plurality of triggers is a hit, updating the tally by adding 
to the tally the score associated with the selected one of the plurality of triggers ("sum 
being set to -4"; paragraph 25, line 5) ; 

determining whether the updated tally less the sum of absolute values of scores 
associated with each unresolved trigger within the plurality of pre-requisite triggers is 
greater than a predetermined threshold ("sum is not greater than or equal to 4"; 
paragraph 25, lines 5 -7); 

and if the updated tally less the sum of absolute values of scores associated with 
each unresolved trigger within the plurality of pre-requisite triggers is greater than the 
predetermined threshold, resolving the containing trigger as a hit ("sum is greater than 
or equal to 4, the log is saved"; paragraph 27, lines 9-12). 

As per claim 19, Donahue further discloses that if the updated tally less the sum
of absolute values of scores associated with each unresolved trigger within the plurality
of pre-requisite triggers is not greater than the predetermined threshold, determining
whether each of the pre-requisite triggers have been selected ("the text is not
considered a match for this category and the log is deleted"; paragraph 25, lines 20, and
21); and

if each of the pre-requisite triggers have been selected, resolving the containing 
trigger as a non-hit ("false hit"; paragraph 19, lines 15-17). 
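
The evaluation order recited for claims 17 to 19 can be written out as a short routine. The Python below is an added illustration, not code from the application or from Donahue; the Trigger class, the function name, the sample triggers, scores, threshold and texts are all constructed assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Trigger:
    name: str      # hypothetical label for the pre-requisite trigger
    pattern: str   # regular expression that makes the trigger a hit
    score: int     # positive or negative weight


def resolve_containing_trigger(text, triggers, threshold):
    """Return (is_hit, tally, evaluated_names) for one containing trigger."""
    # Order the pre-requisite triggers by decreasing absolute score.
    ordered = sorted(triggers, key=lambda t: abs(t.score), reverse=True)
    tally = 0          # the tally for the containing trigger starts at zero
    evaluated = []
    for i, trig in enumerate(ordered):
        evaluated.append(trig.name)
        if re.search(trig.pattern, text, re.IGNORECASE):
            tally += trig.score
        # Worst case for the triggers not yet resolved: each one counts
        # against the tally by its absolute score.
        unresolved = sum(abs(t.score) for t in ordered[i + 1:])
        if tally - unresolved > threshold:
            # No remaining trigger can pull the tally back under the
            # threshold, so resolve as a hit without evaluating the rest.
            return True, tally, evaluated
    # Every pre-requisite trigger was selected and the bound never cleared
    # the threshold: resolve as a non-hit.
    return False, tally, evaluated


# Constructed sample category and inputs (not taken from Donahue).
SAMPLE_TRIGGERS = [
    Trigger("interview", r"interview", 1),
    Trigger("newsletter", r"unsubscribe", -2),
    Trigger("salary", r"salary", 3),
    Trigger("resume_attached", r"resume (attached|enclosed)", 5),
]
SAMPLE_THRESHOLD = 4
HIT_TEXT = "My resume attached; salary expectations inside."
NON_HIT_TEXT = "Weekly digest: salary survey results. Click unsubscribe to stop."


def demo():
    return (
        resolve_containing_trigger(HIT_TEXT, SAMPLE_TRIGGERS, SAMPLE_THRESHOLD),
        resolve_containing_trigger(NON_HIT_TEXT, SAMPLE_TRIGGERS, SAMPLE_THRESHOLD),
    )


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On the first sample the routine resolves a hit after two of the four triggers, because the two unevaluated triggers could subtract at most 3 from a tally of 8.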

As per claim 20, Donahue teaches defining a category having a first pre-requisite 
trigger and a second pre-requisite trigger; receiving a first data set ("acquisition 
category, the regular expression "resume (attached/enclosed)"; paragraph 21, lines 6 - 
10); 

determining whether the first pre-requisite trigger is a hit based on the first data 
set ("match"; paragraph 25, line 4; paragraph 19, lines 1 - 4); 

if the first pre-requisite trigger is a hit, determining whether a score of the first 
pre-requisite trigger is greater than zero ("sum is not greater than or equal to 4"; 
paragraph 25, lines 5 -7; paragraph 19, lines 1 - 4); 

if the score of the first pre-requisite trigger is greater than zero, determining 
whether the second pre-requisite trigger is a hit based on the first data set ("the sum is 
greater than or equal to 4"; paragraph 27, lines 8-12; paragraph 19, lines 1 - 4); 

if the second pre-requisite trigger is a hit, determining whether a score of the 
second pre-requisite trigger is greater than zero ("sum is not greater than or equal to 4"; 
paragraph 25, lines 5 -7; paragraph 19, lines 1 - 4); and

if the score of the second pre-requisite trigger is greater than zero, resolving the
category as a hit with respect to the first data set ("the log is saved and the search is 
finish for this category"; paragraph 27, lines 8-12; paragraph 19, lines 1 - 4). 

As per claim 21, Donahue further discloses that if the first pre-requisite trigger is
a hit, increasing an Avoid Evaluation Of This Trigger (AEOTT) rating associated with the 
first pre-requisite trigger ("a regular expression can be assigned a positive or negative 
value ... facilitates avoidance"; paragraph 19, lines 1 -4). 

As per claim 22, Donahue further discloses receiving a second data set; 
determining whether the second pre-requisite trigger is a hit based on the second data 
set ("match"; paragraph 25, line 4); 

if the second pre-requisite trigger is a hit, determining whether a score of the 
second pre-requisite trigger is greater than zero ("sum is not greater than or equal to 4";
paragraph 25, lines 5 -7; paragraph 19, lines 1 - 4); 

if the score of the second pre-requisite trigger is greater than zero, determining 
whether the first pre-requisite trigger is a hit based on the second data set ("the sum is 
greater than or equal to 4"; paragraph 27, lines 4-12; paragraph 19, lines 1 - 4); 

if the first pre-requisite trigger is a hit, determining whether a score of the first 
pre-requisite trigger is greater than zero; and if the score of the first pre-requisite trigger 
is greater than zero, resolving the category as a hit with respect to the second data set 
("the log is saved and the search is finished for this category"; paragraph 27; paragraph
19, lines 1 - 4). 

As per claim 23, Donahue teaches a method for linguistic analysis comprising: 

defining a category having a first pre-requisite trigger and a second pre-requisite 
trigger; receiving a first data set ("acquisition category, the regular expression "resume 
(attached/enclosed)"; paragraph 21, lines 6-10; paragraph 19, lines 1 - 4); 

determining whether the first pre-requisite trigger is a hit based on the first data 
set ("match"; paragraph 25, line 4; paragraph 19, lines 1 - 4); 

if the first pre-requisite trigger is a hit, determining whether a score of the first 
pre-requisite trigger is greater than zero; if the score of the first pre-requisite trigger is 
greater than zero, resolving the category as a hit with respect to the first data set 
("because sum is greater than or equal to 4, the log is saved and the search is finished 
for this category"; paragraph 27, lines 9 - 12; paragraph 19, lines 1 - 4) 

if the first pre-requisite trigger is not a hit, determining whether the second pre- 
requisite trigger is a hit based on the first data set; if the second pre-requisite trigger is a 
hit, determining whether a score of the second pre-requisite trigger is greater than zero; 
and if the score of the second pre-requisite trigger is greater than zero, resolving the 
category as a hit with respect to the first data set ("because sum is greater than or equal 
to 4, the log is saved and the search is finished for this category"; paragraph 27; 
paragraph 19, lines 1 - 4).

As per claim 24, Donahue further discloses that if the first pre-requisite trigger is
a hit, decreasing an Avoid Evaluation Of This Trigger (AEOTT) rating associated with 
the first pre-requisite trigger ("a regular expression can be assigned a positive or 
negative value ... facilitates avoidance"; paragraph 19, lines 1 - 3). 

Allowable Subject Matter 

5. Claims 25, and 29 are allowed over the prior art of record. The following is an 
examiner's statement of reasons for allowance: 

After further search and thorough examination of the present application and in 
view of the Applicant's arguments and amendments, page 11, section B, claims 25, and
29 are found to be in condition for allowance over the prior art made of record. 

6. The following is an examiner's statement of reasons for allowance: Applicant 
teaches performing an early exit based on mounting negative values for found phrases. 
This limitation in conjunction with other limitations of the independent claims were not 
shown by, would not have been obvious over, nor would have been fairly suggested by 
the prior art of record. 

Conclusion 

7. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to LEONARD SAINT CYR whose telephone number is 
(571) 272-4247. The examiner can normally be reached on Mon-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Richemond Dorvil can be reached on (571) 272-7602. The fax phone
number for the organization where this application or proceeding is assigned is
(571)-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

05/27/08 